Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, - - PowerPoint PPT Presentation

betting on consensus with fant mette
SMART_READER_LITE
LIVE PREVIEW

Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, - - PowerPoint PPT Presentation

Aug 15, 2022 259 likes •1.18k views

Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University College London CESC 2018, SF , October 11 2018 1 Bitcoin vs Traditional Consensus Bitcoin vs Traditional Consensus Open, participants

slide-1
SLIDE 1

Betting on Consensus with Fantômette

Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University College London

  • 1

CESC 2018, SF , October 11 2018

slide-2
SLIDE 2

Bitcoin vs Traditional Consensus

slide-3
SLIDE 3
  • Open, participants unknown

Bitcoin vs Traditional Consensus

slide-4
SLIDE 4
  • Open, participants unknown
  • One message broadcast per round

Bitcoin vs Traditional Consensus

slide-5
SLIDE 5
  • Open, participants unknown
  • One message broadcast per round
  • Incentives at the core of its security

Bitcoin vs Traditional Consensus

slide-6
SLIDE 6
  • Open, participants unknown
  • One message broadcast per round
  • Incentives at the core of its security
  • High energy consumption

Bitcoin vs Traditional Consensus

slide-7
SLIDE 7

Blockchain without PoW?

slide-8
SLIDE 8

Blockchain without PoW?

  • Proof-of-stake: computation stake
slide-9
SLIDE 9

Blockchain without PoW?

  • Proof-of-stake: computation stake
  • Can we get the same guarantees?
slide-10
SLIDE 10

Blockchain without PoW?

  • Proof-of-stake: computation stake
  • Can we get the same guarantees?
  • Problems: nothing at stake, grinding, long range attacks
slide-11
SLIDE 11

Blockchain without PoW?

  • Proof-of-stake: computation stake
  • Can we get the same guarantees?
  • Problems: nothing at stake, grinding, long range attacks
  • Proposed solutions: PBFT style (e.g. Algorand),

cryptographic (e.g. Ouroboros, Snow-White)

slide-12
SLIDE 12

Blockchain without PoW?

  • Proof-of-stake: computation stake
  • Can we get the same guarantees?
  • Problems: nothing at stake, grinding, long range attacks
  • Proposed solutions: PBFT style (e.g. Algorand),

cryptographic (e.g. Ouroboros, Snow-White)

  • Incentives rarely considered
slide-13
SLIDE 13

Incentives matter

slide-14
SLIDE 14

Incentives matter

slide-15
SLIDE 15

Incentives matter

slide-16
SLIDE 16

Incentives matter

slide-17
SLIDE 17

Incentives matter

slide-18
SLIDE 18

Incentives matter

slide-19
SLIDE 19

Incentives matter

slide-20
SLIDE 20

Model

slide-21
SLIDE 21

Model

Rational Players

slide-22
SLIDE 22

Model

Rational Players Byzantine (Malicious) Players

slide-23
SLIDE 23

Model

Rational Players Byzantine (Malicious) Players Coalitions

slide-24
SLIDE 24

Model

slide-25
SLIDE 25

Model

BAR Model

slide-26
SLIDE 26

Model

BAR Model

slide-27
SLIDE 27

Model

BAR Model

Byzantine Altruistic Rational

slide-28
SLIDE 28

Model

BAR Model

slide-29
SLIDE 29

Model

BAR Model Robustness

slide-30
SLIDE 30

Model

BAR Model Robustness

slide-31
SLIDE 31

Model

BAR Model Robustness

Resilience

slide-32
SLIDE 32

Model

BAR Model Robustness

Resilience Immunity

slide-33
SLIDE 33

Model

Rational Players Byzantine (Malicious) Players Coalitions

slide-34
SLIDE 34

Model

Rational Players Byzantine (Malicious) Players Coalitions

slide-35
SLIDE 35

Model

Rational Players Byzantine (Malicious) Players Coalitions

  • Chain growth
slide-36
SLIDE 36

Model

Rational Players Byzantine (Malicious) Players Coalitions

  • Chain growth
  • Chain quality
slide-37
SLIDE 37

Model

Rational Players Byzantine (Malicious) Players Coalitions

  • Chain growth
  • Chain quality
  • Common prefix
slide-38
SLIDE 38

Fantômette

Overview

slide-39
SLIDE 39

Fantômette

Overview Leader Election

slide-40
SLIDE 40

Fantômette

Overview Leader Election Instead of PoW: leader election

slide-41
SLIDE 41

Fantômette

Overview Leader Election Instead of PoW: leader election Publicly Verifiable Proof of Eligibility

slide-42
SLIDE 42

Fantômette

Overview Leader Election One block elects at least one leader Instead of PoW: leader election Publicly Verifiable Proof of Eligibility

slide-43
SLIDE 43

Fantômette

Overview Leader Election One block elects at least one leader Betting Scheme Instead of PoW: leader election Publicly Verifiable Proof of Eligibility

slide-44
SLIDE 44

Fantômette

Overview Leader Election One block elects at least one leader Betting Scheme Use incentives to move away from BFT-style Instead of PoW: leader election Publicly Verifiable Proof of Eligibility

slide-45
SLIDE 45

Fantômette

Continuous Leader Election

slide-46
SLIDE 46

Fantômette

Continuous Leader Election

  • Fair (Chain quality)
slide-47
SLIDE 47

Fantômette

Continuous Leader Election

  • Fair (Chain quality)
  • Unpredictable
slide-48
SLIDE 48

Fantômette

Continuous Leader Election

  • Fair (Chain quality)
  • Unpredictable
  • Privately unpredictable
slide-49
SLIDE 49

Fantômette

Continuous Leader Election

  • Fair (Chain quality)
  • Unpredictable
  • Privately unpredictable
  • Liveness
slide-50
SLIDE 50

Fantômette

Continuous Leader Election

Random beacon

Pseudo-randomly generated number associated within each block

slide-51
SLIDE 51

Fantômette

Continuous Leader Election

slide-52
SLIDE 52

Fantômette

Continuous Leader Election

slide-53
SLIDE 53

Fantômette

Continuous Leader Election

Initial Random Beacon Verifiable Random Function < target?

slide-54
SLIDE 54

Fantômette

Continuous Leader Election

Initial Random Beacon Verifiable Random Function < target? Verifiable Delay Function -> liveness

slide-55
SLIDE 55

Fantômette

slide-56
SLIDE 56

Fantômette

  • blockDAG (PHANTOM Sompolinski & Zohar)
slide-57
SLIDE 57

Fantômette

  • blockDAG (PHANTOM Sompolinski & Zohar)
  • A block bets on its parent block
slide-58
SLIDE 58

Fantômette

  • blockDAG (PHANTOM Sompolinski & Zohar)
  • A block bets on its parent block
  • A block references other blocks
slide-59
SLIDE 59

Fantômette

  • blockDAG (PHANTOM Sompolinski & Zohar)
  • A block bets on its parent block
  • A block references other blocks

Genesis block A B C

slide-60
SLIDE 60

Fantômette

  • blockDAG (PHANTOM Sompolinski & Zohar)
  • A block bets on its parent block
  • A block references other blocks

Genesis block A B C Notion of chain

slide-61
SLIDE 61

G A B C D

Fantômette

slide-62
SLIDE 62

G A B C D

Fantômette

  • More connection = better score
slide-63
SLIDE 63

G A B C D

Fantômette

  • More connection = better score
  • Break tie with the random beacon
slide-64
SLIDE 64

G A B C D

Fantômette

  • More connection = better score
  • Break tie with the random beacon
  • Can only reference blocks with smaller score
slide-65
SLIDE 65

G A B C D

Fantômette

  • More connection = better score
  • Break tie with the random beacon
  • Can only reference blocks with smaller score
slide-66
SLIDE 66

G A B C D

Fantômette

  • More connection = better score
  • Break tie with the random beacon
  • Can only reference blocks with smaller score
slide-67
SLIDE 67

G A B C D

Main chain grows faster

Fantômette

  • More connection = better score
  • Break tie with the random beacon
  • Can only reference blocks with smaller score
slide-68
SLIDE 68

Fantômette

G A B C D

slide-69
SLIDE 69

Fantômette

G A B C D E

slide-70
SLIDE 70

Fantômette

G A B C D E

slide-71
SLIDE 71

Fantômette

G A B C D E F

slide-72
SLIDE 72

Fantômette

G A B C D E F

slide-73
SLIDE 73

Fantômette

G A B C D E F Reward connectivity

slide-74
SLIDE 74

Fantômette

G A B C D E F Reward connectivity Punishment if not well connected

slide-75
SLIDE 75

Security

Robustness

More likely to win when following the protocol Publish block as fast as possible to get more references Incentive to reference other blocks

slide-76
SLIDE 76

Security

slide-77
SLIDE 77

Security

slide-78
SLIDE 78

Security

Convergence Chain Growth Common prefix

slide-79
SLIDE 79

Security

Convergence Score of the main chain grows faster Chain Growth Common prefix

slide-80
SLIDE 80

Security

Convergence Chain quality Score of the main chain grows faster Chain Growth Common prefix

slide-81
SLIDE 81

Security

Convergence Chain quality Fair leader election Score of the main chain grows faster Chain Growth Common prefix

slide-82
SLIDE 82

Decentralized Checkpointing

slide-83
SLIDE 83

Decentralized Checkpointing

Genesis block X1 X2 Y1 Y2 Z1 Z2

2/3+ 2/3+

. . . . . . . . . . . .

slide-84
SLIDE 84

Decentralized Checkpointing

Genesis block X1 X2 Y1 Y2 Z1 Z2

2/3+ 2/3+

. . . . . . . . . . . .

Candidate Blocks

slide-85
SLIDE 85

Decentralized Checkpointing

Genesis block X1 X2 Y1 Y2 Z1 Z2

2/3+ 2/3+

. . . . . . . . . . . .

x1 and x2 are justified Candidate Blocks

slide-86
SLIDE 86

Decentralized Checkpointing

Genesis block X1 X2 Y1 Y2 Z1 Z2

2/3+ 2/3+

. . . . . . . . . . . .

x1 and x2 are justified x1 and x2 are finalized Candidate Blocks

slide-87
SLIDE 87

Simulations

payoff for altruistic players payoff for coalition of rational players payoff for altruistic players payoff for coalition of Byzantine players

slide-88
SLIDE 88

Simulations

Longest fork Chain Quality

slide-89
SLIDE 89

Conclusion

  • blockDAG : enforce accountability
  • Incentivize rational players to follow the protocol
  • Leverage incentive to have a blockchain type pos

consensus

slide-90
SLIDE 90

pre-print: https://arxiv.org/abs/1805.06786

Fantômette

sarah.azouvi.13@ucl.ac.uk @SarahAzouvi

slide-91
SLIDE 91

pre-print: https://arxiv.org/abs/1805.06786

Fantômette

Questions?

sarah.azouvi.13@ucl.ac.uk @SarahAzouvi